Description

Stefan Horst of SektionEins GmbH reported a critical pre-auth SQL injection vulnerability in Drupal core 7.x versions prior to 7.32. Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks.A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks.

Remediation

It is recommended to upgrade to the latest version of Drupal. (This issue was fixed in version 7.32).

References

Advisory 01/2014: Drupal - pre Auth SQL Injection Vulnerability

SA-CORE-2014-005 - Drupal core - SQL injection

Related Vulnerabilities

WordPress Plugin WP Forum Server Cross-Site Scripting and SQL Injection Vulnerabilities (1.7.3)

WordPress Plugin Image Optimizer, Resizer and CDN-Sirv SQL Injection (1.3.1)

WordPress Plugin Page Visit Counter SQL Injection (4.0.9)

WordPress Plugin WP Session Manager SQL Injection (1.2.1)

WordPress Plugin Traffic Analyzer SQL Injection (3.4.2)

Severity

High

Classification

CVE-2014-3704 CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

SQL Injection